CVE-2020-1459

Summary

An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application. The security update addresses the vulnerability by bypassing the speculative execution.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 180910.0.0 < publicationaffected
MicrosoftWindows 10 Version 190910.0.0 < publicationaffected
MicrosoftWindows 10 Version 1903 for ARM64-based Systems10.0.0 < publicationaffected
MicrosoftWindows 10 Version 200410.0.0 < publicationaffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References